In general, in order to prevent a dedicated agent system, e.g., a dedicated computer system, from being infected by malicious code, an antivirus product having an antivirus engine may be installed in the dedicated system. An existing antivirus engine installed in the computer system may periodically require engine pattern data updates, as well as self updates, in order to prevent infection by malicious code. The related prior art is disclosed in Korean Published Patent Application No. 2006-0032855 (published on Apr. 18, 2006).
Updating an antivirus engine carries the risk of false-positive detection, in which a file that runs on the computer system to perform its dedicated functions is judged to contain malicious code, and updating the computer system carries the risk of incompatibility with its dedicated programs.
Most dedicated computer systems have low-performance hardware because their system specifications cannot be modified. When an antivirus engine is installed and run on such a system, it consumes a lot of system resources, e.g., CPU, memory, and network traffic, and may therefore disturb the operation of the programs installed on the dedicated computer system and of the application programs running on it. For this reason, there is a need for a security program that can be used even on a dedicated computer system whose hardware performance is lower than the antivirus engine requires, such as a point of sale (POS) terminal or a low-spec computer used in production facilities.
In particular, a system with a Secure Operating System (OS) installed compares the hash values of existing files, which have been stored in the system in advance, with the overall hash value of an executable file and checks whether they match, thereby determining before execution whether the executable file is permitted to run.
Such a system must check the hash value of each executable file before the file can be read or executed, which increases the load on the terminal when the file is large.
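The pre-execution check described above can be sketched as follows. This is an added example, not code from the cited application or any product; SHA-256, the chunk size, the function names and the sample files are assumptions constructed for illustration. It shows that the check has to read every byte of the file, so its cost grows with file size, and that a change to the last byte is caught only because the whole file is hashed.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # read size per pass (assumption for this example)


def file_digest(path):
    """Hash the entire file; return (hex digest, number of bytes read)."""
    h = hashlib.sha256()  # SHA-256 is an assumption; the page names no algorithm
    total = 0
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
            total += len(block)
    return h.hexdigest(), total


def may_execute(path, stored_digests):
    """Pre-execution check: allow only if the overall hash matches a stored value."""
    digest, nbytes = file_digest(path)
    return digest in stored_digests, nbytes


def demo():
    """Run the check on constructed files; return {name: (allowed, bytes_hashed)}."""
    samples = {
        "small.bin": b"\x7fELF" + b"A" * 4092,                   # 4 KiB, constructed
        "large.bin": b"\x7fELF" + b"B" * (8 * 1024 * 1024 - 4),  # 8 MiB, constructed
    }
    # Identical to large.bin except for the final byte
    samples["tampered.bin"] = samples["large.bin"][:-1] + b"X"
    results = {}
    with tempfile.TemporaryDirectory() as d:
        paths = {}
        for name, data in samples.items():
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(data)
        # Enrollment: store the hashes of the two trusted files only
        stored = {file_digest(paths[n])[0] for n in ("small.bin", "large.bin")}
        for name, path in paths.items():
            results[name] = may_execute(path, stored)
    return results


if __name__ == "__main__":
    for name, (allowed, nbytes) in demo().items():
        print(f"{name}: allowed={allowed} bytes_hashed={nbytes}")
```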